[Openswan dev] Errno 28: No space left on device while rekeying
Michael Richardson
mcr at sandelman.ottawa.on.ca
Mon Jan 8 16:09:26 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Matthias" == Matthias Haas <mh at pompase.net> writes:
Matthias> are no free entries left for rekeying. In addition it
Matthias> seems to me that the SA entries are used in a round robin
Matthias> manner, where every rekeyed SA does not replaye the old
Matthias> SA, but takes a new entry. Is this theory correct? If it
Matthias> is my only way to cope with this problem is either to size
Matthias> the tables larger or lower the rekey times to get rid od
Matthias> the useless SA entries a lot earlier.
With netkey, that is likely.
(It was somewhat true of KAME)
KLIPS should only use the outgoing SA which is referenced in the
eroute table (there is a strong link). Incoming SAs remain until they
expire, unless the peer is also openswan, in which case, the delete SA
messages are pretty reliably acted upon.
(there is no special code for the openswan case, --- just I know that
openswan implements the heuristic properly)
- --
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBRaKzBICLcPvd0N1lAQIH8wf+Nvw0AGNMrfQf/NUYgwwYbKGz+yjmP9U8
wKZS8yD1ILxCYqDr4m4k42M+h9FZtf1wo7y8Kvl8KizPHO/7QVxnKzLxuDjGZhHT
XS9FDsAkQW0+IBwyaS5ZYU4mR/1fd4q/+Vfgc1tJUnMFP7e6Ch1nL4M/tc1U9coG
qU/+rgI0e1W61KNphnc4HUeGie3prEJJ0TsBVdaEXSFJWRom+Sney3Xluv88PIhP
obIM90q142WBhxPGar9BRooq5zC9AmOLNRI0azOKZ+nEQos3k3p13gqeV1Pyz88Z
G/sVmxaDUpGQ68g8oeaK6TEd4/mXkfxcdryYGX5Nl2F+3i2OGWNPLQ==
=SLbR
-----END PGP SIGNATURE-----
More information about the Dev
mailing list